Beschreibung: | Summary: This host is missing a critical security update according to Microsoft KB4512501
Vulnerability Insight: Multiple flaws exist due to:
- Windows improperly handles objects in memory.
- Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system.
- Windows DirectX improperly handles objects in memory.
- Windows GDI component improperly discloses the contents of its memory.
- Windows font library improperly handles specially crafted embedded fonts.
- Windows improperly handles calls to Advanced Local Procedure Call (ALPC).
- Windows Jet Database Engine improperly handles objects in memory.
- The Chakra scripting engine improperly handles objects in memory in Microsoft Edge.
- Windows RDP server improperly discloses the contents of its memory.
- Windows kernel fails to properly handle objects in memory.
Please see the references for more information about the vulnerabilities.
Vulnerability Impact: Successful exploitation will allow an attacker to run arbitrary code on the client machine, obtain information to further compromise user's system, elevate privileges and create a denial of service condition causing the target system to become unresponsive.
Affected Software/OS: - Microsoft Windows 10 Version 1803 for x64-based Systems
- Microsoft Windows 10 Version 1803 for 32-bit Systems
Solution: The vendor has released updates. Please see the references for more information.
CVSS Score: 10.0
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
|